Information Security Officer

Overview:
The Information Security Officer develops and implements procedures, policies, strategies, and standards in the management of the College's IT security program and controls. The incumbent assesses and recommends strategies to address IT-related risks, threats, and operational deficiencies, and leads incident response activities.
Responsibilities:

* Collaborate with academic and administrative units and ITS support teams to facilitate IT risk assessments

* Implement risk management processes and best practices

* Identify location, type, sensitivity, ownership, and access requirements for data being used by the College

* Establish controls and standards in consultation with supervisor, division/department personnel, and other key constituencies

* Monitor the external IT environment for emerging threats and configure and utilize available systems, alerts, and other sources of information to identify and address security threats and events

* Advise supervisor on appropriate course of action and document risk analysis of security threats for management review

* Research, evaluate, and recommend appropriate IT security systems, technology, controls, and solutions

* Oversee the implementation of security testing projects and other system plans

* Validate project adherence to District policies and standards

* Ensure regulatory compliance through thorough testing, assessment, and remediation prior to full implementation

* Develop, implement, and manage College-wide IT security incident response processes and procedures

* Lead the investigation, coordination, resolution, and closure on security incidents as they are escalated or identified

* Generate fact-based reports and document incident response processes/protocols and updates as needed

* Develop, implement, and maintain a College-wide IT security plan and obtain plan sign-off from key stakeholders and constituencies

* Execute a plan that ensures the integrity and confidentiality of information residing in College workstations, servers, mobile devices, and related computer peripherals

* Maintain an in-depth technical documentation repository of College systems, networks, and core applications

* Lead the planning, testing, and tracking of periodic, College-wide IT security audits

* Identify security gaps and deficiencies through risk assessments and recommend corrective action of identified vulnerabilities and weaknesses

* Ensure requisite compliance monitoring is in place to expeditiously identify control weaknesses, compliance breaches, misuse trends, and/or operational loss events

Qualifications:

* Bachelor's degree in an IT related field

* Five (5) years of experience in IT networks, systems, or security-related positions

* Licenses or Other Certifications: CISSP (Certified Information System Security Professional), CISM (Certified Information Security Manager issued by ISACA), or CISA (Certified Information Security Auditor issued by ISACA) desirable, but not required

* Valid California driver's license

* Knowledge of IT environment in higher education or other public/government agency

* Knowledge of information security, governance, risk and compliance practices and standards

* Knowledge of relevant laws/regulations (e.g., FERPA, HIPAA, GLB Act, Sarbanes-Oxley)

* Knowledge of IT risk and control frameworks (e.g., CoBIT, ISO, NIST, ITIL, PCI)

* Knowledge of information security regulatory requirements and standards

* Knowledge of effective IT security systems, network architectures, concepts, techniques, tools

* Experience with development of educational programs in the area of security awareness

* Experience with institution-wide networks, systems, and applications

* Experienced in developing and implementing IT security policies and procedures

* Experienced in IT security auditing and monitoring

* Experienced in managing network and system security components (e.g., firewalls, intrusion detection/prevention systems)

Benefits:

* Health, Life, Dental, and Vision Insurance

* Sick Leave and Disability

* Retirement

* Summer Work Hours

* Travel Expenses (for final interviewees only)

* Other benefits as outlined in the job posting